BugTraq (Page 163 of 1748)
[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite 2015-02-18
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Directory Traversal and Arbitrary File Disclosure in hybris
Commerce Software Suite

During a penetration test, RedTeam Pentesting discovered a Directory
Traversal vulnerability in hybris Commerce software suite. This
vulnerability allows attackers to download arbitrary files of

Crushftp 7.2.0 - Multiple CSRF & XSS Vulnerabilities 2015-02-17
Rehan Ahmed (knight_rehan hotmail com)
========================================================

I. Overview

========================================================

Multiple CSRF & Cross-Site Scripting (XSS) vulnerabilities have been identified in Crushftp 7.2.0 (Web Interface) on default configuration. These vulnerabilities allo

NetGear WNDR Authentication Bypass / Information Disclosure 2015-02-17
Peter Adkins (peter adkins kernelpicnic net)
>> NetGear WNDR Authentication Bypass / Information Disclosure

Discovered by:
----
Peter Adkins <peter.adkins (at) kernelpicnic (dot) net>

Access:
----
Local network; unauthenticated access.
Remote network; unauthenticated access*.

Tracking and identifiers:
----
CVE - Mitre contacted; not yet allocated.

Pl

Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability 2015-02-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1226

eBay Inc. Bug Bounty Program ID: EIBBP-27288

Vulnerability Magazine: http://

CVE-2015-1614 CSRF/XSS in WordPress Plugin Image Metadata Cruncher 2015-02-17
kingkaustubh me com
# Title: CSRF / Stored XSS Vulnerability in IMAGE-MEtadata-Cruncher Wordpress Plugin
# Author: Kaustubh G. Padwad
# CVE-ID : CVE-2015-1614
# Plugin Homepage: https://wordpress.org/plugins/image-metadata-cruncher/
# Severity: Medium

# Description:
# Vulnerable Parameter: Alternate text,Caption,Cu

[slackware-security] sudo (SSA:2015-047-03) 2015-02-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] sudo (SSA:2015-047-03)

New sudo packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patc

[slackware-security] patch (SSA:2015-047-01) 2015-02-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] patch (SSA:2015-047-01)

New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
pa

[slackware-security] seamonkey (SSA:2015-047-02) 2015-02-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2015-047-02)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packag

Reflected File Download in AOL Search Website 2015-02-16
Ricardo Iramar dos Santos (riramar gmail com) (1 reply)
Oren Hafif reported a new kind of attack called Reflected File Download
(https://www.blackhat.com/eu-14/briefings.html#reflected-file-download-a-new-web-attack-vector)
at the Black Hat Europe 2014 conference.
You can find more details about the attack in his public
presentation: https://www.blackhat.co

Re: Reflected File Download in AOL Search Website 2015-02-16
Mike Antcliffe (mikeantcliffe logicallysecure com)
Multiple Cross-Site Scripting in WordPress Plugin Image Metadata Cruncher 2015-02-15
kingkaustubh me com
#####################################
Title:- XSS In Image-Metadata-Cruncher
Author: Kaustubh G. Padwad
Product: image-metadata-cruncher
pluginURL:https://wordpress.org/plugins/image-metadata-cruncher/
Severity: Medium
Auth: Required

# Description:
Vulnerable Parameter:
Alternate text:

Cosmoshop - XSS on Admin-Login Mask 2015-02-14
innate gmx de
author: l0om
page: l0om.org
date: 14.02.2015

Cosmoshop is a simple webshop designed for the German market.

There is a simple XSS flaw in the admin-login panel in probably all Cosmoshop versions. The admin login can be found at

http://www.shop-site.de/cgi-bin/cosmoshop/admin/index.cgi

This page w

[CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5 2015-02-14
sven bsddaemon org
[CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5

----------------------------------------------------------------

Product Information:

Software: Fat Free CRM

Tested Version: 0.13.5, released 22.1.2015 with over 10.000 downloads

Vulnerability Type: Cross-Site Request Forgery,

CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four 2015-02-14
Hector Marco (hecmargi upv es)
Hi,

A bug in the Linux ASLR implementation for versions prior to 3.19-rc3 has
been found. The issue is that the stack of processes is not properly
randomized on some 64-bit architectures due to an integer overflow.

Affected systems have reduced the stack entropy of the processes by four.

Details at

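A check a reader can run on their own kernel, added here as an example and not part of Hector Marco's post or the advisory it links to: the program re-executes itself a few hundred times, reads back the address of a stack local from each fresh process, and counts how many address bits ever take more than one value. It samples via exec rather than fork because the kernel picks a new ASLR layout at exec time only. The varying-bit count is a rough measure of stack entropy that can be compared before and after a kernel fix on the same machine; it does not prove or disprove this particular bug. The sample count (256), the `--child` flag and the `demo_samples` array are choices made for this example, and `demo_samples` are constructed values, not measurements.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Bit mask of every position that changed across the samples: OR the
 * XOR of each sample against the first one.  Zero or one sample -> 0. */
uint64_t varying_mask(const uint64_t *samples, size_t n)
{
    uint64_t diff = 0;
    for (size_t i = 1; i < n; i++)
        diff |= samples[i] ^ samples[0];
    return diff;
}

/* Number of address bits that vary: popcount of the mask above. */
int varying_bits(const uint64_t *samples, size_t n)
{
    uint64_t m = varying_mask(samples, n);
    int bits = 0;
    for (; m; m &= m - 1)   /* clear lowest set bit per iteration */
        bits++;
    return bits;
}

/* Constructed sample set for a self-check (not real measurements):
 * bits 12, 13 and 14 each take both values, nothing else changes. */
static const uint64_t demo_samples[] = {
    0x7ffd00001000ULL, 0x7ffd00002000ULL, 0x7ffd00004000ULL, 0x7ffd00007000ULL,
};

int demo_varying_bits(void)
{
    return varying_bits(demo_samples, sizeof demo_samples / sizeof demo_samples[0]);
}

/* Run one fresh copy of this program (exec, so it gets a new ASLR
 * layout) and read back the stack address it prints in hex.
 * Returns 0 on any failure so the caller can count bad samples. */
static uint64_t sample_stack_addr(const char *self)
{
    int fd[2];
    if (pipe(fd) != 0)
        return 0;
    pid_t pid = fork();
    if (pid < 0) {
        close(fd[0]);
        close(fd[1]);
        return 0;
    }
    if (pid == 0) {
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]);
        close(fd[1]);
        execl(self, self, "--child", (char *)NULL);
        _exit(127);
    }
    close(fd[1]);
    char buf[32] = {0};
    ssize_t r = read(fd[0], buf, sizeof buf - 1);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return r > 0 ? strtoull(buf, NULL, 16) : 0;
}

int main(int argc, char **argv)
{
    if (argc > 1 && strcmp(argv[1], "--child") == 0) {
        volatile char probe = 0;   /* automatic variable: lives on the stack */
        printf("%llx\n", (unsigned long long)(uintptr_t)&probe);
        return 0;
    }
    enum { N = 256 };
    uint64_t samples[N];
    size_t good = 0;
    for (int i = 0; i < N; i++) {
        uint64_t a = sample_stack_addr(argv[0]);
        if (a != 0)
            samples[good++] = a;
    }
    if (good < 2) {
        fprintf(stderr, "could not re-exec %s (run it by path, e.g. ./stackbits)\n", argv[0]);
        return 1;
    }
    printf("%zu samples, varying mask 0x%016llx, %d bits vary\n",
           good, (unsigned long long)varying_mask(samples, good),
           varying_bits(samples, good));
    return 0;
}
```

Compile with `cc -O0 -o stackbits stackbits.c` and run it by path so the re-exec finds the binary. With a few hundred samples a bit that is genuinely random is missed with negligible probability, so the printed count is close to the real number of randomized bits; compare it against the figure expected for your architecture and kernel rather than against an absolute number.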
CVE-2015-1600 - Netatmo Weather Station Cleartext Password Leak 2015-02-13
jullrich sans edu
Summary

During initial setup, the weather station will submit its complete configuration unencrypted to the manufacturer cloud service. This configuration includes confidential information like the user's Wifi password.

The problem has been fixed by removing this configuration dump from curr

UNIT4 Prosoft HRMS XSS Vulnerability 2015-02-13
jerold v00d00sec com
# Vulnerability type: Cross-site Scripting
# Vendor: http://www.unit4.com/
# Product: UNIT4 Prosoft HRMS
# Product site: http://www.unit4apac.com/products/prosofthrms
# Affected version: 8.14.230.47
# Fixed version: 8.14.330.43
# Credit: Jerold Hoong & Edric Teo

# PROOF OF CONCEPT

The login page o

[security bulletin] HPSBGN03258 rev.1 - HP Insight Control server deployment Windows Pre-boot Execution Environment, Microsoft Schannel (Winshock) Remote Code Execution 2015-02-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04568731

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04568731
Version: 1

HPSBGN03258 r

CVE-2015-1574 - Google Email App 4.2.2 remote denial of service 2015-02-13
Hector Marco (hecmargi upv es)
Hello,

Summary:

A bug in the stock Google email application version 4.4.2.0200 has been
found. An attacker can remotely perform a Denial of Service attack by
sending a specially crafted email. No interaction from the user is
needed to produce the crash; just receiving the malicious email is enough.

The C

[ MDVSA-2015:046 ] ntp 2015-02-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:046
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:045 ] e2fsprogs 2015-02-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:045
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:047 ] elfutils 2015-02-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:047
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:048 ] postgresql 2015-02-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:048
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:044 ] perl-Gtk2 2015-02-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:044
http://www.mandriva.com/en/support/security/
___________________________________________________________

Open-Xchange Security Advisory 2015-02-12 2015-02-12
Martin Heiland (martin heiland open-xchange com)
Product: Open-Xchange Server 6 / OX AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 35889 (Bug ID)
Vulnerability type: Information Exposure (CWE-200)
Vulnerable version: 7.6.1 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed versio

Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii) 2015-02-12
Jonathan Brossard (endrazine gmail com) (1 reply)


----++++++++++++++++++++++++++++++++++++----
Shakacon VII - Honolulu, Hawaii

"Sun, Surf, and C Shells"

CALL FOR PAPERS

www.shakacon.org/CFP2015.html
----++++++++++++++++++++++++++++++++++++----

Who: Shakacon Crew
What: Shakacon VII
When: July 6-7 (Training) & July

Re: Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii) 2015-02-13
Jonathan Brossard (endrazine gmail com)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software 2015-02-11
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20141008-asa

Revision 2.0

Last Updated 2015 February 11 17:54 UTC (GMT)

For Public Release 2014 October 8 16:00 UTC (GMT)

Summary
=======

*** Revision 2.0 Note: Please see the

[SECURITY] [DSA 3161-1] dbus security update 2015-02-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3161-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
February 11, 2015

[SECURITY] [DSA 3160-1] xorg-server security update 2015-02-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3160-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
February 11, 2015

Elasticsearch vulnerability CVE-2015-1427 2015-02-11
Kevin Kluge (kevin kluge elasticsearch com)
Summary:
Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.

We have been assign

Copyright 2010, SecurityFocus